How to install and Configure Wireguard VPN on Ubuntu 24.04|22.04

This guide will show you how to install and configure a WireGuard VPN on Ubuntu 24.04|22.04 system.

WireGuard is an IPv4 and IPv6 connection-compatible lightweight virtual private network (VPN).
Using a VPN enables you to navigate public networks as though you were on a private network.
When using your laptop or smartphone to connect to an unsecured network, such as the WiFi at a hotel or coffee shop, it provides you the flexibility to use the internet safely and securely.

Although WireGuard was primarily developed for the Linux kernel, it quickly became popular with users of Windows and MacOS.

1. Install WireGuard VPN on Ubuntu 24.04|22.04

Firstly, before we begin to install Wireguard VPN on Ubuntu, you need to update your system using the command below;

 sudo apt update  

Next, If your machine doesn’t already have IPTABLES, install it.

sudo apt-get install iptables -y

To install Wireguard run the command on your Ubuntu 24.04|22.04;

 sudo apt-get install wireguard -y

Sample output;

Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  wireguard-tools
Suggested packages:
  openresolv | resolvconf
The following NEW packages will be installed:
  wireguard wireguard-tools
0 upgraded, 2 newly installed, 0 to remove and 109 not upgraded.
Need to get 90.0 kB of archives.
After this operation, 345 kB of additional disk space will be used.
Get:1 http://ke.archive.ubuntu.com/ubuntu jammy/main amd64 wireguard-tools amd64 1.0.20210914-1ubuntu2 [86.9 kB]
Get:2 http://ke.archive.ubuntu.com/ubuntu jammy/universe amd64 wireguard all 1.0.20210914-1ubuntu2 [3,114 B]
Fetched 90.0 kB in 5s (17.2 kB/s)    
Selecting previously unselected package wireguard-tools.
(RUnpacking wireguard (1.0.20210914-1ubuntu2) ...
Setting up wireguard-tools (1.0.20210914-1ubuntu2) ...
wg-quick.target is a disabled or a static unit not running, not starting it.
Setting up wireguard (1.0.20210914-1ubuntu2) ...
Processing triggers for man-db (2.10.2-1) ...
Reading database ... 195624 files and directories currently installed.)

2. Configure WireGuard on Ubuntu 24.04|22.04

Then execute the following command to generate both a public and a private key.

wg genkey |  sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey

Now check to see if both keys were generated using the below command.

$ sudo ls /etc/wireguard
privatekey  publickey

Use the following commands to see the contents of both the private key and the public key.

sudo cat /etc/wireguard/privatekey
sudo cat /etc/wireguard/publickey

The keys are generated and saved in the location /etc/wireguard. The next step is to create a network configuration.

$ sudo vim /etc/wireguard/wg0.conf
[Interface]
Address = 10.10.10.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = <SERVER-PRIVATE-KEY>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Substitute the values for the server’s private key for “SERVER-PRIVATE-KEY“.

Set the wireguard configuration files’ permissions appropriately.

 sudo chmod 600 /etc/wireguard/{privatekey,wg0.conf}

Run the following command to launch the wireguard interface Wgo.

 sudo wg-quick up wg0

Output;

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.10.10.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

If your system has a firewall, use the command below to allow port 51820.

$ sudo ufw allow 51820/udp
Rules updated
Rules updated (v6)

3. Starting the WireGuard Server

Enable WireGuard VPN so that it launches at startup.

Use the command below;

sudo systemctl enable wg-quick@wg0

Start WireGuard VPN

 sudo systemctl start [email protected]

With the following command, double-check that the WireGuard service is active.
The output should show active (running).

 systemctl status [email protected]

Output;

● [email protected] - WireGuard via wg-quick(8) for wg0
     Loaded: loaded (/lib/systemd/system/[email protected]; enabled; vendor pre>
     Active: active (exited) since Wed 2022-11-23 09:48:15 EAT; 5min ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 845 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCC>
   Main PID: 845 (code=exited, status=0/SUCCESS)
        CPU: 85ms

4. Enable IP forwarding

In the /etc/sysctl.conf file, uncomment the line that reads “net.ipv4.ip forward=1“.You can choose your best editor.

 sudo vi /etc/sysctl.conf

Uncomment line;

net.ipv4.ip_forward=1

Make changes by using the command:

 sudo sysctl -p

That’s all about the installation of Wireguard VPN.

Conclusion

You’ve made it to the end of the article. You have now learned how to set up WireGuard VPN on Ubuntu 24.04|22.04.

Read more about WireGuard VPN

Other manual guides to check:

1. How to install Python 3.11 on Ubuntu 22.04|20.04
2. How To Install Google Chrome on Ubuntu 22.04|20.04
3. Install LAMP Stack on Ubuntu 22.04|20.04